CVE-2016-9717

MEDIUM

IBM Infosphere Master Data Management... - Improper Input Validation

Title source: rule

Description

HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited.

References (3)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg22006605

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100074

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/119730

Scores

CVSS v3 6.5

EPSS 0.0022

EPSS Percentile 43.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-20

Status published

Products (14)

ibm/infosphere_master_data_management_server

IBM/InfoSphere Master Data Management < 10.1

IBM/InfoSphere Master Data Management < 11.0

IBM/InfoSphere Master Data Management < 11.3

IBM/InfoSphere Master Data Management < 11.4

... and 4 more

Published Jul 31, 2017

Tracked Since Feb 18, 2026